From b00103dac1bf9e559e132c62e768dba9408b94eb Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 16 Jun 2004 06:49:24 +0000 Subject: r1165: fixed handling of SMBtrans replies that should return STATUS_BUFFER_OVERFLOW when more data is present. (This used to be commit 0e557fe85748558affd20a58455c4b75fee69e27) --- source4/rpc_server/dcerpc_server.c | 8 +++++++- source4/rpc_server/dcerpc_tcp.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'source4/rpc_server') diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index d5d291dab5..b6584f812f 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -902,6 +902,9 @@ NTSTATUS dcesrv_input(struct dcesrv_connection *dce_conn, const DATA_BLOB *data) will be the number of bytes to be sent. write_fn() should return the number of bytes successfully written. + + this will return STATUS_BUFFER_OVERFLOW if there is more to be read + from the current fragment */ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn, void *private, @@ -910,6 +913,7 @@ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn, struct dcesrv_call_state *call; struct dcesrv_call_reply *rep; ssize_t nwritten; + NTSTATUS status = NT_STATUS_OK; call = dce_conn->call_list; if (!call || !call->replies) { @@ -930,6 +934,8 @@ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn, if (rep->data.length == 0) { /* we're done with this section of the call */ DLIST_REMOVE(call->replies, rep); + } else { + status = STATUS_BUFFER_OVERFLOW; } if (call->replies == NULL) { @@ -938,7 +944,7 @@ NTSTATUS dcesrv_output(struct dcesrv_connection *dce_conn, talloc_destroy(call->mem_ctx); } - return NT_STATUS_OK; + return status; } diff --git a/source4/rpc_server/dcerpc_tcp.c b/source4/rpc_server/dcerpc_tcp.c index 81f1631c19..83a9140dd1 100644 --- a/source4/rpc_server/dcerpc_tcp.c +++ b/source4/rpc_server/dcerpc_tcp.c @@ -79,7 +79,7 @@ static void dcerpc_write_handler(struct event_context *ev, struct fd_event *fde, NTSTATUS status; status = dcesrv_output(r->dce_conn, fde, dcerpc_write_fn); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_ERR(status)) { /* TODO: destroy fd_event? */ } -- cgit